Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): update module golang.org/x/net to v0.33.0 [security] (#132)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | golang.org/x/net | `v0.24.0` -> `v0.33.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fnet/v0.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fnet/v0.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fnet/v0.24.0/v0.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fnet/v0.24.0/v0.33.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Non-linear parsing of case-insensitive content in golang.org/x/net/html [CVE-2024-45338](https://nvd.nist.gov/vuln/detail/CVE-2024-45338) / [GHSA-w32m-9786-jp63](https://redirect.github.com/advisories/GHSA-w32m-9786-jp63) / [GO-2024-3333](https://pkg.go.dev/vuln/GO-2024-3333) <details> <summary>More information</summary> #### Details An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. #### Severity Unknown #### References - [https://go.dev/cl/637536](https://go.dev/cl/637536) - [https://go.dev/issue/70906](https://go.dev/issue/70906) - [https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ](https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2024-3333) and the [Go Vulnerability Database](https://redirect.github.com/golang/vulndb) ([CC-BY 4.0](https://redirect.github.com/golang/vulndb#license)). </details> --- ### Non-linear parsing of case-insensitive content in golang.org/x/net/html [CVE-2024-45338](https://nvd.nist.gov/vuln/detail/CVE-2024-45338) / [GHSA-w32m-9786-jp63](https://redirect.github.com/advisories/GHSA-w32m-9786-jp63) / [GO-2024-3333](https://pkg.go.dev/vuln/GO-2024-3333) <details> <summary>More information</summary> #### Details An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. #### Severity - CVSS Score: Unknown - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2024-45338](https://nvd.nist.gov/vuln/detail/CVE-2024-45338) - [https://github.com/golang/go/issues/70906](https://redirect.github.com/golang/go/issues/70906) - [https://cs.opensource.google/go/x/net](https://cs.opensource.google/go/x/net) - [https://go.dev/cl/637536](https://go.dev/cl/637536) - [https://go.dev/issue/70906](https://go.dev/issue/70906) - [https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ](https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ) - [https://pkg.go.dev/vuln/GO-2024-3333](https://pkg.go.dev/vuln/GO-2024-3333) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-w32m-9786-jp63) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jippi/dottie). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS44MC4wIiwidXBkYXRlZEluVmVyIjoiMzkuODAuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsic2VjdXJpdHkiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
- Loading branch information